Test ID:	1.3.6.1.4.1.25623.1.0.51489
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:796
Summary:	Conectiva Security Advisory CLA-2003:796
Description:	The remote host is missing updates announced in advisory CLA-2003:796. The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. A vulnerability in the do_brk() function allows local attackers to obtain root privileges. Exploits for this vulnerability have already been published. Additionally, the following vulnerabilities have been fixed in a previous kernel release which was available on the ftp server but lacked an official announcement: - CVE-2003-0550[2] and CVE-2003-0551[3]: fixes for the STP protocol - CVE-2003-0501[4]: fix for /proc/information disclosure - CVE-2003-0464[5]: fix for RPC code (affects only CL9) - CVE-2003-0476[6]: fix for the execve system call which could allow local users to gain access to restricted file descriptors Specific for Conectiva Linux 8 (already fixed in a previous announcement for CL9[7]): - CVE-2003-0619[8]: fix for XDR code - CVE-2003-0246[9]: ioperm fix - CVE-2003-0248[10]: mxcsr fix - CVE-2003-0364[11]: TCP/IP fragments denial of service - CVE-2003-0244[12]: denial of service in routing table - CVE-2003-0247[13]: denial of service in the TTY layer Starting with this update, Conectiva Linux 9 has support for the PPTP protocol, which also requires an update for the iptables package. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0961 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0476 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000701&idioma=en http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0246 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0247 http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:796 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0550 http://www.redhat.com/support/errata/RHSA-2003-238.html Debian Security Information: DSA-358 (Google Search) http://www.debian.org/security/2004/dsa-358 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-239.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:380 Common Vulnerability Exposure (CVE) ID: CVE-2003-0551 http://www.redhat.com/support/errata/RHSA-2003-198.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:384 Common Vulnerability Exposure (CVE) ID: CVE-2003-0501 Bugtraq: 20030620 Linux /proc sensitive information disclosure (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242 SuSE Security Announcement: SuSE-SA:2003:034 (Google Search) http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:328 Common Vulnerability Exposure (CVE) ID: CVE-2003-0464 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:311 Common Vulnerability Exposure (CVE) ID: CVE-2003-0476 Bugtraq: 20030626 Linux 2.4.x execve() file read race vulnerability (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:074 http://www.redhat.com/support/errata/RHSA-2003-368.html http://www.redhat.com/support/errata/RHSA-2003-408.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:327 Common Vulnerability Exposure (CVE) ID: CVE-2003-0619 Bugtraq: 20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine. (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=105950927708272&w=2 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:386 Common Vulnerability Exposure (CVE) ID: CVE-2003-0246 http://www.redhat.com/support/errata/RHSA-2003-172.html http://www.redhat.com/support/errata/RHSA-2003-147.html En Garde Linux Advisory: ESA-20030515-017 http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2 Debian Security Information: DSA-311 (Google Search) http://www.debian.org/security/2003/dsa-311 Debian Security Information: DSA-312 (Google Search) http://www.debian.org/security/2003/dsa-312 Debian Security Information: DSA-332 (Google Search) http://www.debian.org/security/2003/dsa-332 Debian Security Information: DSA-336 (Google Search) http://www.debian.org/security/2003/dsa-336 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 http://www.mandriva.com/security/advisories?name=MDKSA-2003:066 TurboLinux Advisory: TLSA-2003-41 http://www.turbolinux.com/security/TLSA-2003-41.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:278 Common Vulnerability Exposure (CVE) ID: CVE-2003-0248 http://www.redhat.com/support/errata/RHSA-2003-187.html http://www.redhat.com/support/errata/RHSA-2003-195.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:292
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: